History: Mar 06, 2019 - 8:10 p.m.

Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

2019-03-06 20:10:01
www.ibm.com
CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVE-ID: CVE-2018-3283
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Logging component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151596> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3162
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151479> for the current score
CVSS Environmental Score*: Undefined

CVE-ID: CVE-2018-3279
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Roles component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151592> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3258
Description: An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an authenticated attacker to take control of the system.
CVSS Base Score: 8.8
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151572> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVE-ID: CVE-2018-3137
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151453> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3156
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151472> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3277
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151590> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3212
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Information Schema component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151528> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3278
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: RBR component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151591> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3276
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151589> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3133
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151449> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3155
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.7
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151471> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVE-ID: CVE-2018-3251
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151565> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3174
Description: An unspecified vulnerability in Oracle MySQL related to the Server Client programs component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151491> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)

CVE-ID: CVE-2018-3195
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151512> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3173
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151490> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3170
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151487> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3171
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Partition component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.0
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151488> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3247
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Merge component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151561> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3203
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151519> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3145
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151461> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3200
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151516> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3286
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151599> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVE-ID: CVE-2018-3143
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151459> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3187
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151504> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3144
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Audit component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151460> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3284
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.4
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151597> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3185
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151502> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3285
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Windows component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151598> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3186
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151503> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3161
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Partition component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151478> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3282
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Storage Engines component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151595> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected IBM Security Guardium | Affected Versions
---|---
IBM Security Guardium | 10.6
IBM Security Guardium | 10 - 10.5
IBM Security Guardium | 9.0 - 9.5

Remediation/Fixes

Product | VRMF | Remediation / First Fix
---|---|---
IBM Security Guardium | 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p610_Combined-Fix-Pack-for-GPU-600_2019-02-27&includeSupersedes=0&source=fc
IBM Security Guardium | 10 - 10.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p520_Bundle_Dec-06-2018&includeSupersedes=0&source=fc
IBM Security Guardium | 9.0 - 9.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p775_CombinedFixPackForGPU750_64-bit&includeSupersedes=0&source=fc

Workarounds and Mitigations

None
